Problem

So I set up a virtual backtrack machine using VMware Workstation - I'm trying to launch an attack against the host OS (Ubuntu Linux) from the virtualized host (backtrack), but I do not understand what questions I need to research to find information regarding the methodology for this.

If anyone could point me in the direction of a resource, blog, book, or simply explain a high-level methodology for how one would approach breaking out of a virtual machine, I would greatly appreciate it.

Thanks,

Andrew

PS: Like, how does access control and privilege work across a VM? Is it like a process broker sandbox?...

1 Answer
1

A virtual machine is an isolation layer. The code which runs in the VM (the "guest") is not supposed to be able to escape the VM and reach the host, except through the access facilities which have been explicitly enabled by the VM (e.g. networking).

Therefore, to break out of the VM, you need to find and exploit a security hole in the VM implementation -- VMware Workstation in your case. Methodology would then be: search the Web for a description of known vulnerabilities. For instance, a simple Google search links to this.

The VM emulates a virtual machine: the guest kernel and the host operating system live in completely distinct worlds. Or, more accurately, the VM is a single process from the point of view of the host; the guest runs on hardware which does not exist, and maintains its own forest of internal processes. Nowadays, VM managers are hypervisors; they use dedicated CPU opcodes to "remain hidden" from the guest: whatever the guest tries to do, it does so through some code which runs on the CPU, and the hypervisor intercepts the opcodes which could "see through the veil". This movie is a big metaphor for the hypervisor / virtual machine relationship, and it explains the situation quite well -- if you get past the heavy weapon handling and the spunky females in tight clothes, that is.
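The interception the answer describes can be observed from inside a guest, because there is one intercepted instruction the hypervisor deliberately answers in its own name: CPUID. The program below is an added example, not code from the question, the answer or VMware, and it is written from the inventory and incident-triage angle (is this machine a guest, and under which hypervisor?). It assumes the GCC/clang `cpuid.h` `__cpuid` macro, the hypervisor-present convention (CPUID leaf 1, ECX bit 31) and the vendor-signature leaf 0x40000000; the register values fed to the decoder in `main`'s absence are constructed, not captured from a real system.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/clang: __cpuid(leaf, a, b, c, d) macro wrapping the instruction */
#endif

/* Decoded result of the two CPUID leaves a hypervisor uses to advertise itself. */
typedef struct {
    int  hypervisor_present;  /* CPUID.1:ECX bit 31, set by the hypervisor when it traps CPUID */
    char vendor[13];          /* 12-byte signature from CPUID.0x40000000 in EBX, ECX, EDX order */
} virt_info;

/* Pure decoder: takes raw register values so it can run with constructed input on any CPU. */
virt_info decode_virt_info(uint32_t leaf1_ecx, uint32_t hv_ebx, uint32_t hv_ecx, uint32_t hv_edx)
{
    virt_info v;
    memset(&v, 0, sizeof v);
    v.hypervisor_present = (int)((leaf1_ecx >> 31) & 1u);
    if (!v.hypervisor_present)
        return v;             /* leaf 0x40000000 is meaningless on bare metal; do not interpret it */
    const uint32_t regs[3] = { hv_ebx, hv_ecx, hv_edx };
    for (int r = 0; r < 3; r++)
        for (int b = 0; b < 4; b++)        /* low byte of each register comes first */
            v.vendor[r * 4 + b] = (char)((regs[r] >> (8 * b)) & 0xffu);
    v.vendor[12] = '\0';
    return v;
}

/* Map the well-known signatures to a product name; anything else is reported as unknown. */
const char *hypervisor_name(const virt_info *v)
{
    if (!v->hypervisor_present)                 return "none (bare metal, or a hypervisor that hides the bit)";
    if (strcmp(v->vendor, "VMwareVMware") == 0) return "VMware";
    if (strcmp(v->vendor, "KVMKVMKVM") == 0)    return "KVM";
    if (strcmp(v->vendor, "Microsoft Hv") == 0) return "Hyper-V";
    if (strcmp(v->vendor, "XenVMMXenVMM") == 0) return "Xen";
    if (strcmp(v->vendor, "VBoxVBoxVBox") == 0) return "VirtualBox";
    return "unknown hypervisor";
}

/* Convenience wrapper: raw registers in, product name out. */
const char *classify_cpuid(uint32_t leaf1_ecx, uint32_t hv_ebx, uint32_t hv_ecx, uint32_t hv_edx)
{
    virt_info v = decode_virt_info(leaf1_ecx, hv_ebx, hv_ecx, hv_edx);
    return hypervisor_name(&v);
}

#if defined(__x86_64__) || defined(__i386__)
/* Ask the real CPU. Inside a guest the hypervisor traps CPUID and fills these registers itself. */
virt_info query_virt_info(void)
{
    unsigned int a, b, c, d;
    __cpuid(1, a, b, c, d);
    uint32_t leaf1_ecx = c;
    __cpuid(0x40000000u, a, b, c, d);
    return decode_virt_info(leaf1_ecx, b, c, d);
}
#endif

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    virt_info v = query_virt_info();
    printf("hypervisor bit: %d, signature: \"%s\" -> %s\n",
           v.hypervisor_present, v.vendor, hypervisor_name(&v));
#else
    puts("CPUID is x86-only; feed captured register values to decode_virt_info() instead.");
#endif
    return 0;
}
```

The decoder is kept separate from the live query so it can be checked against known register contents (for VMware the signature "VMwareVMware" arrives as EBX=0x61774D56, ECX=0x4D566572, EDX=0x65726177 with the hypervisor bit set in CPUID.1:ECX). The bit and the signature are conventions the hypervisor chooses to honour, which is exactly the answer's point: the guest only sees what the layer underneath decides to show it, so a clear result is evidence of virtualization, while its absence is not proof of bare metal.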